Anthropic Unveils MCP Tunnels and Self-Hosted Sandboxes in Major AI Security Push
Breaking News: Anthropic Strengthens AI Agent Security with Two New Infrastructure Features
LONDON — Anthropic today announced the public beta of self-hosted sandboxes and a research preview of MCP tunnels, two critical security upgrades for its Claude Managed Agents platform. The announcements came during the company’s first-ever developer conference held outside the United States, Code with Claude, in London.

These features shift execution control from Anthropic’s cloud to customer-owned infrastructure, addressing key concerns around data privacy, compliance, and network security in enterprise AI deployments.
Self-Hosted Sandboxes Take Execution Off-Cloud
Anthropic’s new self-hosted sandboxes allow AI agents to run tool execution directly on a customer’s own infrastructure or on that of managed service providers like Cloudflare, Daytona, Modal, or Vercel. This isolation prevents rogue scripts from accessing internal networks or leaking data to third parties.
While tools execute in the customer’s environment, the “agent loop”—the continuous cycle of perception, reasoning, orchestration, and error recovery—remains on Anthropic’s servers. The sandbox essentially acts as a secure execution layer, similar to isolated testing environments in software development.
“Claude Managed Agents let us replicate the power of a local agent with the reliability, versioning, and background execution of a cloud agent… Running it with our sandboxes, like Daytona, gives us control over the filesystem, so we can mount external file stores and install packages on the fly,” said Ryan Chang, AI engineering builder at Clay.
MCP Tunnels Enable Private Network Connectivity
The MCP tunnels, currently in research preview, provide a lightweight gateway for agents to connect to MCP servers inside a private network without exposing those servers to the public internet. Anthropic describes them as a “single outbound connection” managed from the Claude Console’s workspace settings by system administrators.
MCP (Model Context Protocol) is emerging as an industry standard for agent interconnectivity, now under the Linux Foundation. The tunnels add a managed security layer atop this protocol, allowing enterprises to safely integrate agents with internal databases, APIs, and other services.

Background
The push for self-hosted sandboxes and MCP tunnels comes as enterprises increasingly adopt AI agents for production workflows but remain wary of security risks. Traditional cloud-based agent execution can expose sensitive data or create vulnerabilities if an agent generates malicious code. By isolating execution and controlling network access, Anthropic aims to bridge the gap between agent autonomy and corporate security policies.
Neither feature requires changes to existing Claude Managed Agents integrations. Switching between Anthropic’s infrastructure and a customer’s own is handled via configuration changes, such as swapping cloud-managed API tokens for local authentication keys and updating network routing parameters.
What This Means
For enterprises, these upgrades mean they can deploy AI agents with the same level of security and control as traditional software. Self-hosted sandboxes allow compliance with data residency requirements and internal auditing standards. MCP tunnels enable agents to access sensitive internal systems without opening firewalls.
Analysts see this as a strategic move by Anthropic to compete with Microsoft and OpenAI in the enterprise AI market, where security and governance are paramount. The company’s decision to announce at a London conference also signals its ambition to tap into European regulatory priorities, such as GDPR compliance.
Businesses now have a clearer path to production AI agents that don’t sacrifice security for capability. The next step will be how quickly enterprises adopt these tools and whether Anthropic can maintain its security-focused brand amid growing competition.